Re: Prompting for passwords on the desktop?
- From: "Gustavo J. A. M. Carneiro" <gjc inescporto pt>
- To: Patryk Zawadzki <patrys pld-linux org>
- Cc: stef memberwebs com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>, Brian Cameron <Brian Cameron sun com>
- Subject: Re: Prompting for passwords on the desktop?
- Date: Fri, 19 Sep 2008 13:50:11 +0100
On Fri, 2008-09-19 at 13:09 +0200, Patryk Zawadzki wrote:
> On Fri, Sep 19, 2008 at 12:42 PM, Gustavo J. A. M. Carneiro
> <gjc inescporto pt> wrote:
> > Someone who has gained a user privilege could possibly show a fake
> > password input dialog that looks exactly like a "real" password prompt,
> > thereby learning the root password.
> >
> > Same thing with VT swiching. It shouldn't be hard to make the it look
> > like we are switching VT from a simple X11 program running as the user.
> >
> > If the local user account has been compromised it seems to me that all
> > hope is lost. So I don't really see the point of all this Trusted Path
> > complexity.
> >
> > But I'm no security expert; I might be missing something.
>
> I believe the goal is to use some uncatchable keyboard sequence a'la
> Windows' secure auth (Ctrl+Alt+Del).
This is kind of silly; I have to type a complex keyboard combination in
order to input a password? That is annoying. Additionally, switching
VTs in Linux is usually slow; more annoyance. Expect some resistance on
this "feature".
Besides, my user account being compromised is 99% as bad as the root
account being compromised, IMHO.
--
Gustavo J. A. M. Carneiro
<gjc inescporto pt> <gustavo users sourceforge net>
"The universe is always one step beyond logic" -- Frank Herbert
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
